1、下载rke工具
https://github.com/rancher/rke/releases 选择对应版本然后重命名为rke
2、禁用虚拟内存
vm.swappiness=0
3、在各节点的sshd配置文件(/etc/ssh/sshd_config)中打开以下配置(RKE通过SSH隧道连接节点,需要允许TCP转发)
AllowTcpForwarding yes
4、安装docker-ce
5、将用户加入docker组 (centos不能用root用户并禁用 NetworkManager;docker组成员等同于拥有该节点的root权限,建议使用专用账号,例如下面模板中的ops)
usermod -aG docker <用户名>
6、运行./rke config --list-version --all 查看该版本rke支持的kubernetes版本
7、运行./rke config --name xxx.yml
将节点信息填到交互式界面
8、执行./rke up 将启动安装或者使用下面模板:
9、将生成的kube_config_cluster.yml 复制到~/.kube/config (kubectl 执行命令时读取的认证文件;其中包含集群管理员凭据,建议将文件权限设为600,不要提交到代码仓库)
10、如果需要添加或删除节点 在cluster.yml中添加相应信息 然后rke up --update-only cluster.yml
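# Cluster nodes. Each entry gives the address RKE connects to, the SSH user,
# and the roles the node takes.
# NOTE(review): the SSH user needs Docker access on the node (step 5), which
# is effectively root-level access there; use a dedicated account for it.
nodes:
  - address: 10.10.10.4
    user: ops
    role:
      - controlplane
      - etcd
  - address: 10.10.10.5
    user: ops
    role:
      - worker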
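# Defaults to false. When set to true, RKE does not raise an error if it
# finds an unsupported Docker version.
ignore_docker_version: false
# Cluster-level SSH private key, used when a node has no SSH settings of
# its own.
# NOTE(review): this one key gives access to every node in `nodes`; keep the
# file readable only by the account that runs rke.
ssh_key_path: /data/rke/privilege.key
#ssh_agent_auth: true
# Directory prefix for the Kubernetes-related files
prefix_path: /mnt/kubelet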
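# List of registry credentials.
# If you are using the Docker Hub registry, you can omit `url` or set it to
# `docker.io`.
# Setting `is_default` to `true` overrides the system default registry set
# in the global settings.
private_registries:
  - url: harbor.test.com
    user: devops
    # Placeholder: fill in the real registry password only in the private
    # copy of this file used for deployment. A live password must not be
    # committed or published with the template; one that has been should be
    # rotated. Because this file holds a credential, restrict its
    # permissions to the account that runs rke.
    password: '<REGISTRY_PASSWORD>'
    is_default: true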
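# Bastion host configuration
#bastion_host:
# Set the name of the Kubernetes cluster
cluster_name: owntest
#
# For RKE v0.3.0 and above, the map of Kubernetes versions and their system
# images is located here:
# https://github.com/rancher/kontainer-driver-metadata/blob/master/rke/k8s_rke_system_images.go
#
# In case the kubernetes_version and kubernetes image in
# system_images are defined, the system_images configuration
# will take precedence over kubernetes_version.
#
# NOTE(review): the 1.20 release line appears to be past upstream end of
# life, so it would no longer receive security fixes. Confirm, and pick a
# supported version from `./rke config --list-version --all` (step 6).
kubernetes_version: v1.20.9-rancher1-1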
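# For RKE v0.3.0 and above, the map of Kubernetes versions and their system
# images is located here:
# https://github.com/rancher/kontainer-driver-metadata/blob/master/rke/k8s_rke_system_images.go
services:
  etcd:
    snapshot: true
    creation: 5m0s
    retention: 36h
  # Note for Rancher v2.0.5 and v2.0.6 users: If you are configuring
  # Cluster Options using a Config File when creating Rancher Launched
  # Kubernetes, the names of services should contain underscores
  # only: `kube_api`.
  kube-api:
    # IP range for any services created on Kubernetes
    # This must match the service_cluster_ip_range in kube-controller
    # NOTE(review): the value has host bits set; the network address of
    # this /16 is 192.168.0.0. The range must also not overlap a network
    # the nodes need to reach.
    service_cluster_ip_range: 192.168.1.0/16
    # Expose a different port range for NodePort services
    service_node_port_range: 30000-32767
    # NOTE(review): with this set to false, this file enables no
    # pod-level admission restriction (for example on privileged pods);
    # confirm that another control covers it.
    pod_security_policy: false
    # Add additional arguments to the kubernetes API server
    # This WILL OVERRIDE any existing defaults
    extra_args:
      feature-gates: RemoveSelfLink=false
      # Enable audit log to stdout
      # NOTE(review): confirm that API audit logging is enabled for this
      # RKE version; audit records are what an investigation relies on.
      #audit-log-path: "-"
      # Increase number of delete workers
      #delete-collection-workers: 3
      # Set the level of log output to debug-level
      #v: 2
  # Note for Rancher 2 users: If you are configuring Cluster Options
  # using a Config File when creating Rancher Launched Kubernetes,
  # the names of services should contain underscores only:
  # `kube_controller`. This only applies to Rancher v2.0.5 and v2.0.6.
  kube-controller:
    # CIDR pool used to assign IP addresses to pods in the cluster
    # NOTE(review): 192.1.0.0/16 is not one of the RFC 1918 private
    # ranges (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16), so pod
    # addresses would collide with publicly routable space. Choose a
    # private range before the first `rke up`.
    cluster_cidr: 192.1.0.0/16
    # IP range for any services created on Kubernetes
    # This must match the service_cluster_ip_range in kube-api
    service_cluster_ip_range: 192.168.1.0/16
  kubelet:
    # Base domain for the cluster
    cluster_domain: cluster.local
    # IP address for the DNS service endpoint
    # (lies inside service_cluster_ip_range above)
    cluster_dns_server: 192.168.1.10
    # Fail if swap is on
    # false lets the kubelet start on a node that still has swap enabled
    fail_swap_on: false
    # Set max pods to 250 instead of default 110
    extra_args:
      max-pods: 250
    # Optionally define additional volume binds to a service
    #extra_binds:
    #  - "/usr/libexec/kubernetes/kubelet-plugins:/usr/libexec/kubernetes/kubelet-plugins"
  kubeproxy:
    extra_args:
      proxy-mode: ipvs
      # NOTE(review): masquerading all service traffic presumably hides
      # the original client address from the receiving pod, which weakens
      # source-based logging and policy; confirm this is intended.
      masquerade-all: true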
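# Currently, only authentication strategy supported is x509.
# You can optionally create additional SANs (hostnames or IPs) to
# add to the API server PKI certificate.
# This is useful if you want to use a load balancer for the
# control plane servers.
authentication:
  strategy: x509
  sans:
    - "10.11.11.6"
# Kubernetes Authorization mode
# Use `mode: rbac` to enable RBAC
# Use `mode: none` to disable authorization
# Keep `rbac`: with `none`, requests are not subject to any authorization
# check.
authorization:
  mode: rbac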
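# If you want to set a Kubernetes cloud provider, you specify
# the name and configuration
#cloud_provider:
#  name: aws
# Add-ons are deployed using kubernetes jobs. RKE will give
# up on trying to get the job status after this timeout in seconds.
addon_job_timeout: 30
# Specify network plug-in (canal, calico, flannel, weave, or none)
network:
  plugin: calico
# Specify DNS provider (coredns or kube-dns)
dns:
  provider: coredns
# Currently only nginx ingress provider is supported.
# To disable ingress controller, set `provider: none`
# `node_selector` controls ingress placement and is optional
ingress:
  provider: nginx
  # NOTE(review): the `nodes` entries in this file set no labels, so the
  # `app: ingress` label presumably has to be added to the intended nodes
  # for the controller to be scheduled; confirm.
  node_selector:
    app: ingress
  extra_envs:
    - name: TZ
      value: Asia/Shanghai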



